Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to change email address of a user in devise "safely"?

By default, devise uses an email address for sign up and sign in.

But I want that the email address should be allowed to be changed by the user.

If I allow the user to edit the email address, and the user specifies an "incorrect" (i.e. a typo by mistake) email address and then user signs out, and the user also forgets what the typo'ed email was, now the user account is inaccessible by the user!

How to best work around this? (except for creating a separate, unchangeable username field that will always allow user to login)

like image 903
Zabba Avatar asked Jan 11 '11 10:01

Zabba


2 Answers

You can force the user to confirm his account again if he changes his email.

Once, you updated the password of the concerned user, you need to un-confirm the user, and then re-send the confirmation email.

To unconfirm the user :

user = User.find(1)
if user.confirmed?
  user.confirmed_at = nil
  user.save(:validate => false)
end

To resend the email confirmation :

user = User.find(1)
user.send_confirmation_instructions

Hope this help !

like image 190
Arkan Avatar answered Oct 19 '22 07:10

Arkan


Devise does this out of the box. Here is the info from the initializer:

# If true, requires any email changes to be confirmed (exactly the same way as
# initial account confirmation) to be applied. Requires additional unconfirmed_email
# db field (see migrations). Until confirmed new email is stored in
# unconfirmed email column, and copied to email column on successful confirmation.
config.reconfirmable = true

In confirmable module you may see how it works.

like image 24
peresleguine Avatar answered Oct 19 '22 06:10

peresleguine